From: Florent Bruneau Date: Sat, 4 Oct 2008 10:22:51 +0000 (+0200) Subject: Cleverer hard_match detection. X-Git-Url: http://git.madism.org/?p=apps%2Fpfixtools.git;a=commitdiff_plain;h=a3eac0731ffb3a31b57f9feed0256678f187f2a1 Cleverer hard_match detection. Signed-off-by: Florent Bruneau --- diff --git a/common/array.h b/common/array.h index fe3dded..cd0090a 100644 --- a/common/array.h +++ b/common/array.h @@ -111,9 +111,9 @@ array_ensure_capacity_delta(array, 1); \ (array).data[(array).len++] = (obj); \ } while (0) -#define array_append(array, objs, len) \ +#define array_append(array, objs, Len) \ do { \ - const typeof((array).len) __len = (len); \ + const typeof((array).len) __len = (Len); \ array_ensure_capacity_delta(array, __len); \ memcpy((array).data + (array).len, objs, \ __len * sizeof(*(array).data)); \ @@ -143,8 +143,8 @@ array_ensure_can_edit(array); \ p_shrink(&(array).data, (array).len, &(array).size); \ } while (0) -#define array_elt(array, n) (array).data[(n)] -#define array_ptr(array, n) (array).data + (n) +#define array_elt(array, n) ((array).data[(n)]) +#define array_ptr(array, n) ((array).data + (n)) #define foreach(var, array) \ for (uint32_t __Ai = 0 ; __Ai < (array).len ; ++__Ai) { \ diff --git a/postlicyd/rbl.c b/postlicyd/rbl.c index b3d7d45..a84f73e 100644 --- a/postlicyd/rbl.c +++ b/postlicyd/rbl.c @@ -216,6 +216,9 @@ bool rbldb_ipv4_lookup(const rbldb_t *db, uint32_t ip) typedef struct rbl_filter_t { PA(rbldb_t) rbls; A(int) weights; + A(char) hosts; + A(int) host_offsets; + A(int) host_weights; int32_t hard_threshold; int32_t soft_threshold; @@ -231,6 +234,9 @@ static void rbl_filter_delete(rbl_filter_t **rbl) if (*rbl) { array_deep_wipe((*rbl)->rbls, rbldb_delete); array_wipe((*rbl)->weights); + array_wipe((*rbl)->hosts); + array_wipe((*rbl)->host_offsets); + array_wipe((*rbl)->host_weights); p_delete(rbl); } } @@ -307,6 +313,39 @@ static bool rbl_filter_constructor(filter_t *filter) } } break; + /* host parameter. + * weight:hostname. + * define a RBL to use through DNS resolution. + */ + case ATK_HOST: { + int weight = 0; + const char *current = param->value; + const char *p = m_strchrnul(param->value, ':'); + char *next = NULL; + for (int i = 0 ; i < 2 ; ++i) { + PARSE_CHECK(i == 1 || *p, + "host parameter must contains a weight option"); + switch (i) { + case 0: + weight = strtol(current, &next, 10); + PARSE_CHECK(next == p && weight >= 0 && weight <= 1024, + "illegal weight value %.*s", + (p - current), current); + break; + + case 1: + array_add(data->host_offsets, array_len(data->hosts)); + array_append(data->hosts, current, strlen(current) + 1); + array_add(data->host_weights, weight); + break; + } + if (i != 1) { + current = p + 1; + p = m_strchrnul(current, ':'); + } + } + } break; + /* hard_threshold parameter is an integer. * If the matching score is greater or equal than this threshold, * the hook "hard_match" is called. @@ -357,6 +396,9 @@ static filter_result_t rbl_filter(const filter_t *filter, const query_t *query) int weight = array_elt(data->weights, i); if (rbldb_ipv4_lookup(rbl, ip)) { sum += weight; + if (sum >= data->hard_threshold) { + return HTK_HARD_MATCH; + } } } if (sum >= data->hard_threshold) { @@ -383,6 +425,7 @@ static int rbl_init(void) /* Parameters. */ (void)filter_param_register(type, "file"); + (void)filter_param_register(type, "host"); (void)filter_param_register(type, "hard_threshold"); (void)filter_param_register(type, "soft_threshold"); return 0; diff --git a/postlicyd/strlist.c b/postlicyd/strlist.c index a8316a4..0c8fce3 100644 --- a/postlicyd/strlist.c +++ b/postlicyd/strlist.c @@ -339,6 +339,9 @@ static filter_result_t strlist_filter(const filter_t *filter, const query_t *que if ((!part && trie_lookup(trie, rev ? reverse : normal)) \ || (part && trie_prefix(trie, rev ? reverse : normal))) { \ sum += weight; \ + if (sum >= config->hard_threshold) { \ + return HTK_HARD_MATCH; \ + } \ } \ } \ }